Domain level session cookie on multiple domains

4

4

If you want ColdFusion to create your session cookie as a domain level cookie, e.g. .bar.com rather than foo.bar.com, then you can configure that in the jrun-web.xml:

<session-config>
  <cookie-config>
    <active>true</active>
    <cookie-domain>.bar.com</cookie-domain>
  </cookie-config>
  <persistence-config>
    <active>false</active>
  </persistence-config>
</session-config>

However, this is an instance-wide setting, so if you want to run two applications on that instance, or indeed one application with two or more different top-level domains, then one of them will have sessions that do not work.

Is there a way to add multiple domains to the jrun-web.xml and have it pick the relevant one?

Thanks.

Trefoil answered 15/2, 2012 at 12:26 Comment(0)
2

I managed to find the DTD for jrun-web.xml (the link @ the top points to a defunct Macromedia URL).

This specifies that there can be only one <cookie-domain> node in the XML. I've also tested a list of domain names, e.g.:

<cookie-domain>.domainA.com,.domainB.com</cookie-domain>

And that doesn't work either.

Not an absolute answer, but I suspect that it's possibly not possible (!), and it's certainly not possible via jrun-web.xml (which I guess answers one of your questions at least).

Neoprene answered 3/7, 2013 at 9:56 Comment(0)
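
Why a single cookie-domain value breaks sessions on a second domain, and why the comma-separated list fails, follows from how browsers handle the Domain attribute. The sketch below is an added example, not code from the question or answers: it is a simplified model of the RFC 6265 rules that assumes the server sends the configured value verbatim as the Domain attribute, uses constructed host names, and omits public-suffix checks.

```python
# Added example: simplified RFC 6265 handling of the cookie Domain attribute.
# Host names are constructed samples; public-suffix checks are omitted.
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _normalize(domain_attr):
    """RFC 6265 section 5.2.3: lowercase and drop one leading dot."""
    domain = domain_attr.strip().lower()
    return domain[1:] if domain.startswith(".") else domain


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: does host domain-match cookie_domain?"""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    return host.endswith("." + cookie_domain) and not _is_ip(host)


def browser_accepts(request_host, domain_attr):
    """RFC 6265 section 5.3: is a Set-Cookie from request_host stored?"""
    domain = _normalize(domain_attr)
    if not domain:                      # no Domain attribute: host-only cookie
        return True
    return domain_match(request_host, domain)


def cookie_sent(set_by_host, domain_attr, target_host):
    """Would the stored cookie be attached to a request for target_host?"""
    if not browser_accepts(set_by_host, domain_attr):
        return False                    # never stored, so the session is lost
    domain = _normalize(domain_attr)
    if not domain:                      # host-only: exact host match required
        return target_host.lower() == set_by_host.lower()
    return domain_match(target_host, domain)


if __name__ == "__main__":
    for host in ("foo.bar.com", "www.domainb.com"):
        for cfg in (".bar.com", ".domainA.com,.domainB.com"):
            print(f"{host:16} cookie-domain={cfg!r:28} "
                  f"stored={browser_accepts(host, cfg)}")
    print("sent to other.bar.com:",
          cookie_sent("foo.bar.com", ".bar.com", "other.bar.com"))
```

The last line of output also shows the scope cost of a domain-level session cookie: once stored, it is attached to requests for every host under bar.com, not only the one that issued it.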
0

I think you could use <CFHEADER> to set domain cookies instead of <CFCOOKIE>?

Hanging answered 15/2, 2012 at 16:36 Comment(1)
I would be surprised if you could use CFHEADER to manipulate the cookies that were created by cfapplication. Maybe post an example you've seen work? - Demonology
0
<cfapplication
   setdomaincookies=yes
   .....>

This will set your cfid and cftoken cookies as domain cookies (*.bar.com) rather than the host-specific values (foo.bar.com).

CFApplication (see the section on setDomainCookies)

Demonology answered 15/2, 2012 at 17:17 Comment(1)
This only affects CFID and CFTOKEN, sadly. We are using J2EE sessions, which are unaffected by this setting. - Trefoil
-1

I think if you name your application with the cgi.server_name variable, and each of your sites uses the same application.cfc or application.cfm file, then your session and cookie variables will be properly scoped for each individual site. For example:

<cfapplication name="#cgi.server_name#" sessionmanagement="YES" clientmanagement="YES" sessiontimeout="#CreateTimeSpan(1,0,0,0)#" applicationtimeout="#CreateTimeSpan(1,0,0,0)#"  clientstorage="COOKIE" setclientcookies="YES">
Athodyd answered 15/2, 2012 at 13:59 Comment(0)
